As more devices are connected to the Internet, not only are vulnerabilities introduced into those networked things, but also some glaring holes are exposed in organizations’ ability to receive and triage bug reports. Researchers at Rapid7 today disclosed details on a pair of vulnerabilities in toys and interactive platforms aimed at children. The two vulnerabilities...

Google today patched Nexus devices in an over-the-air update against a critical vulnerability that could be exploited by an attacker on the same Wi-Fi network. The patch addresses multiple vulnerabilities in the Broadcom Wi-Fi driver that could be abused to allow for remote code execution. The patches were pushed out in builds LMY49G or later...

A group of researchers are encouraging any smartphone users who own an L3 G3 to upgrade their devices after coming across a serious security vulnerability. If exploited the bug could enable an attacker to run arbitrary JavaScript, and lead to a handful of issues, including data theft, phishing attacks and a denial of service. The...

Mike Mimoso and Chris Brook discuss the news of the week, including the latest on the BlackEnergy APT Group, Amazon getting into the SSL certificate game, and government agencies being told to audit their systems for the Juniper backdoor. Download: news_wrap_01-29-16.mp3 Music by Chris Gonsalves

The OpenSSL project team today patched two vulnerabilities in the crypto library, one of which is rated high severity and exposes many popular applications to attack. The patches are in new releases of OpenSSL, 1.0.1r and 1.0.2f, along with an enhancement to the strength of the cryptography in a previous mitigation for last year’s Logjam...

A Java serialization vulnerability disclosed more than a year ago figured to have a long shelf life. It lived in popular Java application development frameworks such as Apache Commons Collections—where it’s been patched—and not to mention widely deployed application servers such as Oracle WebLogic, IBM WebSphere, Red Hat’s JBoss and others. PayPal this week put...

Earlier this week Israel’s Electric Authority mitigated what officials there are calling a “severe cyber attack.” The Electric Authority is in charge of regulating and overseeing the distribution of electricity in Israel. The State of Israel’s National Infrastructure, Energy and Water Resources Minister Yuval Steinitz disclosed the incident, calling it a virus Tuesday, during closing...

The Internet of Things security challenge is twofold: finding bugs, and more urgent—fixing them. Cisco’s Talos security intelligence and research group found and privately disclosed a serious and trivially exploitable client-side bug in MiniUPnP that was patched in September of last year. The problem is: How many patches were applied by vendors in their products...

Mozilla has patched a number of critical vulnerabilities in Firefox 44 and Firefox Extended Release 38.6, which were released this week. The most serious flaws were memory vulnerabilities that lived in both the public and extended support versions of the browser. A buffer overflow (write) in WebGL, the browser’s Web graphics library, was patched. WebGL...

Most U.S. government agencies have until Feb. 4 to audit their IT infrastructure for the use of backdoored Juniper Networks’ Netscreen firewalls. Letters went out late last week from the House Oversight & Government Reform Committee to the leaders of the various agencies asking them to provide the committee with a report on whether the...